There’s a common joke in cyber security circles that goes: “There’s no such thing as the Cloud, just somebody else’s computer”.
Although it’s not entirely accurate, it gets to the heart of many people’s misunderstanding of the Cloud, which they believe to be a seemingly abstract and therefore impenetrable place.
Information stored on the Cloud is safer than if it was merely on ‘somebody else’s computer’, but there are still significant risks that organisations must address.
This is something many businesses have been forced to confront after Europe’s largest Cloud provider, OVHcloud, suffered a fire that destroyed one of its data centres and left a nearby one with significant smoke damage.
Any organisation that used those data centres have no way of getting that information back – unless, of course, they had a business continuity plan in place that accounted for this possibility.
Risks of Cloud computing
No matter what Cloud service you use – whether it’s infrastructure-, platform- or software-as-a-service – the information is held in a physical location, and therefore it is subject to physical damage.
If the data centre housing your information is damaged, as happened to many organisations that used OVHcloud, you are reliant on the provider to fix the issue. And in this case, that’s easier said than done.
OVHcloud took more than a month to replace the lost computing and storage capacity cause by the fire. In the meantime, affected organisations were left having to find other ways to backup their data.
It’s a reminder that organisations should follow the 3-2-1 rule of secure backups, which states that you should have:
- At least three versions of your data
- It should be held on two separate media; and
- One of them should be located off-site.
This principle should ideally be covered in your business continuity plan. By implementing such a plan, organisations will gain a greater understanding of the risks they face and will be forced to acknowledge the possibility of data loss from the Cloud – in addition to any number of other disruptive incidents.
Indeed, effective business continuity planning helps organisations cope with incidents affecting all of their business-critical processes and activities, from the failure of a single server to the complete loss of a major facility.
You can find out more about business continuity planning by downloading our free green paper: Business Continuity and ISO 22301 – Preparing for disruption.
It explains the fundamental components of best-practice business continuity management, and shows you where the international standard ISO 22301 fits in.
The guide also outlines our step-by-step approach to implementing a business continuity management system, with tips to help you simplify the process.